{"uuid": "0de46671-75ef-4646-83ca-81fd9d541d77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-15846", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/942", "content": "string.c: do not interpret '\\\\' before '\\0' (CVE-2019-15846)\nConditions to be vulnerable\n===========================\n\nIf your Exim server accepts TLS connections, it is vulnerable. This does\nnot depend on the TLS library, so both GnuTLS and OpenSSL are affected.\n\nDetails\n=======\n\nThe vulnerability is exploitable by sending an SNI ending in a\nbackslash-null sequence during the initial TLS handshake. The exploit\nexists as a POC. For more details see the document qualys.mbx\n\nMitigation\n==========\n\nDo not offer TLS. (This mitigation is not recommended.)\nhttps://git.exim.org/exim.git/blob_plain/2600301ba6dbac5c9d640c87007a07ee6dcea1f4:/doc/doc-txt/cve-2019-15846/cve.txt", "creation_timestamp": "2019-09-06T11:04:18.000000Z"}